For three years now, cryptographer Matt Blaze (previously) and his colleagues have hosted a Voting Village at Defcon, the annual hacker con in Vegas, in which all comers are welcomed to try to compromise a variety of voting machines that are in actual use in American elections.
Every year, the results are terrifying and horrible, as the grifty tech vendors' products are revealed to be totally unfit for purpose.
This year is no exception: the latest Voting Village report, reveals disturbingly easy to exploit flaws in the ES&S AutoMARK (in use in 28 states) and the Premier/Diebold AccuVote-OS (used in 26 states). Paired with recent Brennan Center research about the slow, patchwork, cash-starved programs to upgrade insecure voting machines around the country, the Voting Village report makes for alarming, if unsurprising, reading.
Additionally, voting machine security is only one item on a much larger punch list for better defending US elections. More districts need to implement network and cloud defenses to protect infrastructure like voter rolls and email, and more states need to conduct risk-limiting audits to verify elections results.
"While the discovery and replication of voting system security vulnerabilities are critical tasks for which the Voting Village plays an important role, that is not, in our view, its main contribution," the Village organizers write. "The clear conclusion of the Voting Village in 2019 is that independent security experts and hackers are stepping into the breach—providing expertise, answers, and solutions to election administrators, policymakers, and ordinary citizens where few others can."
DEF CON 27 Voting Machine Hacking Village [Matt Blaze et al/Defcon]
Some Voting Machines Still Have Decade-Old Vulnerabilities [Lily Hay Newman/Wired]